
require email presence in SIGN_IN

Open yshmarov opened this issue 2 years ago • 6 comments

If the "send magic link" form is submitted without an email, there will be an SMTP error.

This is because we do not guard against submitting a nil email.

yshmarov avatar Nov 08 '22 12:11 yshmarov

Hey, I'd like to contribute to this issue if possible. Is it still ongoing? I see the first step has already been merged.

fchatterji avatar Feb 06 '23 17:02 fchatterji

Please go ahead 😊 PRs welcome

mikker avatar Feb 07 '23 21:02 mikker

@mikker Ok, I'm not really sure the second step is needed. Usually you would put the validation in the model, and the controller would render the error just fine. But here, the user of the gem creates the user model.

We could add a validation in the controller, render :new and use flash messages to add the error. But it seems overly complex. I think the user of the gem should be responsible for validating that he doesn't allow empty emails on his own backend.

What do you think?

fchatterji avatar Feb 08 '23 17:02 fchatterji

Hey @fchatterji! Having just frontend presence validation is not enough. This way, a user can input an invalid email, successfully submit the form, and get Net::SMTPSyntaxError in passwordless/sessions#create.

I think we can add some validation in find_authenticable to check if email satisfies URI::MailTo::EMAIL_REGEXP...

yshmarov avatar Feb 09 '23 09:02 yshmarov
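An added example (not code from this thread or from the passwordless gem) of the server-side check proposed in the comment above: the submitted value is validated against URI::MailTo::EMAIL_REGEXP before any lookup or mail delivery. `normalize_sign_in_email` and `handle_sign_in` are hypothetical names, and the lookup and mailer are stand-in lambdas.

```ruby
require "uri"

# Hypothetical helper (not part of the passwordless gem): returns the
# trimmed address, or nil if the value must never reach the mailer.
def normalize_sign_in_email(raw)
  # params can carry nil, arrays or hashes, not just strings
  return nil unless raw.is_a?(String)

  email = raw.strip
  return nil if email.empty?
  # EMAIL_REGEXP is anchored with \A and \z, so embedded CR/LF,
  # spaces and header-like suffixes are rejected as well.
  return nil unless URI::MailTo::EMAIL_REGEXP.match?(email)

  email
end

# Hypothetical controller-like flow: validate first, then look up the
# record and send the magic link only for a well-formed address.
def handle_sign_in(params, lookup:, mailer:)
  email = normalize_sign_in_email(params["email"])
  if email.nil?
    return [:unprocessable_entity, "Please enter a valid email address"]
  end

  user = lookup.call(email)
  mailer.call(user) if user
  [:ok, "Magic link requested"]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs covering the cases raised in the thread.
  samples = [nil, "", "   ", "not-an-email", ["a@example.com"],
             "user@example.com\r\nBcc: x@example.org", " user@example.com "]
  samples.each do |value|
    result = normalize_sign_in_email(value)
    puts "#{value.inspect} -> #{result.inspect}"
  end
end
```
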

Hey @yshmarov, ok thanks, I see what you mean, here's my PR: https://github.com/mikker/passwordless/pull/134

fchatterji avatar Feb 09 '23 14:02 fchatterji